﻿using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;

public partial class ajax_updatecatalog : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["id_user"] == null || Session["permission"] == null || ((int)Session["permission"]) <= 1)
        {
            Response.Write("FAIL");
            return;
        }

        #region check current user is enable to access current catalog
        int catId = Int32.Parse(Request["id"]);
        string sql = "SELECT projectId FROM [catalog] WHERE id=" + comm.to_sql(catId.ToString(), "number");
        DataTable dtTable = dal.SelectTable(sql);
        if (dtTable.Rows.Count != 1)
        {
            Response.Write("FAIL");
            return;
        }
        int projectId = Int32.Parse(dtTable.Rows[0]["projectId"].ToString());
        int projectIdFromRequest = Int32.Parse(Request["projectId"]);
        if (projectId != projectIdFromRequest)
        {
            Response.Write("FAIL");
            return;
        }
        SqlParameter[] listParams = new SqlParameter[3];
        //-- param 1: @userId
        int id = Int32.Parse(Session["id_user"].ToString());
        SqlParameter param = new SqlParameter("@userId", id);
        param.SqlDbType = SqlDbType.Int;
        param.Direction = ParameterDirection.Input;
        listParams[0] = param;

        //-- param 2: @projectId
        param = new SqlParameter("@projectId", projectId);
        param.SqlDbType = SqlDbType.Int;
        param.Direction = ParameterDirection.Input;
        listParams[1] = param;

        //-- param 3: @isAccess
        param = new SqlParameter();
        param.ParameterName = "@isAccess";
        param.SqlDbType = SqlDbType.Int;
        param.Direction = ParameterDirection.Output;
        listParams[2] = param;

        dal.ExecuteSP("proCheckAccessProject_GET", listParams);
        int enable = Int32.Parse(listParams[2].Value.ToString());
        if (enable == 0)
        {
            Response.Write("FAIL");
            return;
        }
        #endregion

        #region check user is enable to add/edit catalog to project
        if (((int)Session["permission"]) >= 4)
        {
            string sql1 = " SELECT permission FROM UserProject " +
                  " WHERE userId=" + comm.to_sql(id.ToString(), "number") +
                  " AND projectId=" + comm.to_sql(projectId.ToString(), "number");
            DataTable dtTable1 = dal.SelectTable(sql1);
            if (dtTable1.Rows.Count == 1)
            {
                int permission = Int32.Parse(dtTable1.Rows[0]["permission"].ToString());
                if (permission >= 5)
                    throw new Exception("FAIL");
            }
            else
                throw new Exception("FAIL");
        }
        #endregion

        // get priority
        int priority = 1;
        try
        {
            priority = Int32.Parse(Request["priority"]);
        }
        catch
        {
            priority = 1;
        }
        // check current catalog is or is not exist
        // if not, update catalog
        string name_catalog = comm.StandardString(Request["name"]);
        if (name_catalog.Length == 0)
        {
            Response.Write("FAIL");
            return;
        }
        sql = "SELECT id,projectId FROM [catalog] " +
              " WHERE name=" + comm.to_sql(name_catalog, "string") +
              " AND projectId=" + comm.to_sql(projectId.ToString(), "number");
        dtTable = dal.SelectTable(sql);
        if (dtTable.Rows.Count == 1)
        {
            if (projectId != Int32.Parse(dtTable.Rows[0]["projectId"].ToString()))
            {
                Response.Write("FAIL");
                return;
            }
            int idCat = Int32.Parse(dtTable.Rows[0]["id"].ToString());
            if (idCat != catId)
            {
                Response.Write("DUPLICATE");
                return;
            }
            // update catalog
            string des_catalog = comm.to_sql(comm.StandardString(Request["des"]), "string");
            sql = "UPDATE [catalog] " +
                  " SET name= " + comm.to_sql(name_catalog, "string") + " ,description= " + des_catalog +
                  ", priority=" + comm.to_sql(priority.ToString(), "number") + ",createdby=" + comm.to_sql(id.ToString(), "number") +
                  " WHERE id=" + comm.to_sql(catId.ToString(), "number");
            if (dal.Execute(sql) == 1)
            {
                Response.Write("OK");
                return;
            }
            else
            {
                Response.Write("FAIL");
                return;
            }
        }
        else if (dtTable.Rows.Count == 0)
        {
            // update catalog
            string des_catalog = comm.to_sql(comm.StandardString(Request["des"]),"string");
            sql = "UPDATE [catalog] " +
                  " SET name= " + comm.to_sql(name_catalog,"string")+" ,description= " + des_catalog +
                  ", priority=" + comm.to_sql(priority.ToString(), "number") + ",createdby=" + comm.to_sql(id.ToString(), "number") +
                  " WHERE id=" + comm.to_sql(catId.ToString(),"number");
            if (dal.Execute(sql) == 1)
            {
                Response.Write("OK");
                return;
            }
            else
            {
                Response.Write("FAIL");
                return;
            }
        }
        else
        {
            Response.Write("FAIL");
            return;
        }
    }

}
